diff options
author | Gerald Combs <gerald@wireshark.org> | 2003-05-19 03:23:12 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2003-05-19 03:23:12 +0000 |
commit | 7a132e5b48db1f5fea29d461daa8d3a481432918 (patch) | |
tree | 52efc6af782789bdc73143e570d7f654e6799987 /packet-quake2.c | |
parent | a53a260f3c9f6a3bc0ac3ab4ec824f4b39a82ef0 (diff) |
More tvb_get_nstringz0() fixes. Timo Sirainen pointed out that Bad
Things can happen if we pass a zero buffer length to tvb_get_nstringz0().
Throw an exception if this happens.
In various dissectors make sure the tvb_get_nstringz0()'s buffer length
is greater than zero.
svn path=/trunk/; revision=7688
Diffstat (limited to 'packet-quake2.c')
-rw-r--r-- | packet-quake2.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/packet-quake2.c b/packet-quake2.c index 5babdcf737..f62665cf9c 100644 --- a/packet-quake2.c +++ b/packet-quake2.c @@ -7,7 +7,7 @@ * http://www.dgs.monash.edu.au/~timf/bottim/ * http://www.opt-sci.Arizona.EDU/Pandora/default.asp * - * $Id: packet-quake2.c,v 1.13 2002/08/28 21:00:27 jmayer Exp $ + * $Id: packet-quake2.c,v 1.14 2003/05/19 03:23:11 gerald Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -93,7 +93,6 @@ dissect_quake2_ConnectionlessPacket(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *cl_tree = NULL; proto_item *cl_item = NULL; guint8 text[2048]; - int maxbufsize = 0; int len; int offset; @@ -116,8 +115,7 @@ dissect_quake2_ConnectionlessPacket(tvbuff_t *tvb, packet_info *pinfo _U_, /* all the rest of the packet is just text */ offset = 4; - maxbufsize = MIN((gint)sizeof(text), tvb_length_remaining(tvb, offset)); - len = tvb_get_nstringz0(tvb, offset, maxbufsize, text); + len = tvb_get_nstringz0(tvb, offset, sizeof(text), text); if (cl_tree) { proto_tree_add_string(cl_tree, hf_quake2_connectionless_text, tvb, offset, len + 1, text); @@ -351,9 +349,7 @@ dissect_quake2_client_commands_uinfo(tvbuff_t *tvb, packet_info *pinfo _U_, guint8 message[MAX_MSGLEN]; gint len; - len = tvb_get_nstringz0(tvb, 0, - (guint) MIN(tvb_reported_length(tvb), sizeof(message)), - message); + len = tvb_get_nstringz0(tvb, 0, sizeof(message), message); if (message[len] == '\0') len++; @@ -372,9 +368,7 @@ dissect_quake2_client_commands_stringcmd(tvbuff_t *tvb, packet_info *pinfo _U_, guint8 message[MAX_MSGLEN]; gint len; - len = tvb_get_nstringz0(tvb, 0, - (guint) MIN(tvb_reported_length(tvb), sizeof(message)), - message); + len = tvb_get_nstringz0(tvb, 0, sizeof(message), message); if (message[len] == '\0') len++; |